Bug 236285
| Summary: | alsactl getting an avc denial on resume | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Zack Cerza <zcerza> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | davidz, djuran, stransky |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-08-22 14:16:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 236916, 236918 | ||
| Bug Blocks: | |||
Any idea what it is trying to write? No idea. This appears to only happen on resume (from RAM, haven't tried disk) These two might offer more information.
avc: denied { create } for comm="alsactl" dev=sda3 egid=0 euid=0
exe="/sbin/alsactl" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state"
pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0
subj=system_u:system_r:hald_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0
avc: denied { write } for comm="alsactl" dev=sda3 egid=0 euid=0
exe="/sbin/alsactl" exit=4096 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state"
path="/etc/asound.state" pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0
subj=system_u:system_r:hald_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0
It's right, /etc/asound.state is stored volume setting for soundcards and /sbin/alsactl has to read/write/create it. Any chance of getting this file into its own directory? /etc/asound/asound.state? Which apps read this file? This file should be at least ghosted by alsa-utils No problem, I can move asound.state to /etc/asound. It's read only by alsactl. So shall I move it there? Yes if you move it there, I will create a new context for this directory and allow hal to manipulate that directory. This way I don't have to allow hal to manipulate etc_t which includes /etc/passwd. Do you know which hal script(s) manipulates alsactl? alsactl is run by init scripts, modprobe.conf (the install section for each sound driver) and /sbin/salsa. So I'll create one utility for store/restore sound settings and this utility can be called by scripts, no matter where the configuration is actually stored. The "salsa" utility was updated in alsa-utils-1.0.14-0.5.rc2.fc7. We need to update initscripts (halt) and /etc/modprobe.conf with appropriate configuration. We can use: ----------- "/sbin/salsa -s" - saves volume settings for all sound cards "/sbin/salsa -s 1" - saves volume settings for the second sound card "/sbin/salsa -l" - loads/restores volume settings for all cards "/sbin/salsa -l 1" - loads/restores volume settings for the second sound card Bug 236916 was filed for initscripts. Bug 236918 was filed against kudzu (for /etc/modprobe.conf). Fixed in selinux-policy-2.6.4-5.fc7 Should be fixed in the current release |
Description of problem: alsactl's getting an avc denial on resume. This is a fresh install of yesterday's rawhide. Let me know if you need more info. type=AVC msg=audit(1176407381.786:145): avc: denied { write } for pid=18367 comm="alsactl" name="etc" dev=sda3 ino=229377 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir drwxr-xr-x root root system_u:object_r:etc_t /etc Version-Release number of selected component (if applicable): selinux-policy-targeted-2.5.12-1.fc7